CVE-2025-15122

EUVD-2025-205495

28.12.2025, 05:16

A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.1 LOW	NETWORK	HIGH	LOW	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
VulDB	CNA	3.1 LOW				CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Affected Products (NVD)

Vendor	Product	Version
jeecg	jeecg_boot	𝑥 ≤ 3.9.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

References

https://github.com/Hwwg/cve/issues/35

https://vuldb.com/?ctiid.338500

https://vuldb.com/?id.338500

https://vuldb.com/?submit.711774